ALAS-2012-117

Amazon Linux 1 Security Advisory: ALAS-2012-117
Advisory Release Date: 2012-08-18 05:14 Pacific
Advisory Updated Date: 2014-09-14 16:50 Pacific

Severity: Low

References: CVE-2012-2668 RHSA-2012-1151
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport Layer Security (TLS) negotiation with OpenLDAP clients. (CVE-2012-2668)

Affected Packages:

openldap

Issue Correction:
Run yum update openldap to update your system.

New Packages:

i686:
    openldap-clients-2.4.23-26.16.amzn1.i686
    openldap-devel-2.4.23-26.16.amzn1.i686
    openldap-debuginfo-2.4.23-26.16.amzn1.i686
    openldap-servers-2.4.23-26.16.amzn1.i686
    openldap-servers-sql-2.4.23-26.16.amzn1.i686
    openldap-2.4.23-26.16.amzn1.i686

src:
    openldap-2.4.23-26.16.amzn1.src

x86_64:
    openldap-clients-2.4.23-26.16.amzn1.x86_64
    openldap-servers-sql-2.4.23-26.16.amzn1.x86_64
    openldap-2.4.23-26.16.amzn1.x86_64
    openldap-devel-2.4.23-26.16.amzn1.x86_64
    openldap-servers-2.4.23-26.16.amzn1.x86_64
    openldap-debuginfo-2.4.23-26.16.amzn1.x86_64

Additional References

Red Hat: CVE-2012-2668

Mitre: CVE-2012-2668